From 20ddbe7552cd6ee26fcdec8a2ae2821a391194e8 Mon Sep 17 00:00:00 2001 From: Jonathan Barrow Date: Sat, 29 Apr 2023 17:50:56 -0400 Subject: [PATCH] Explicitly set each non-200 status on each response --- src/middleware/pnid.ts | 6 ++--- src/middleware/xml-parser.ts | 4 +--- src/server.ts | 3 +-- src/services/nnid/routes/oauth.ts | 12 ++++------ src/services/nnid/routes/people.ts | 36 +++++++--------------------- src/services/nnid/routes/provider.ts | 8 ++----- 6 files changed, 19 insertions(+), 50 deletions(-) diff --git a/src/middleware/pnid.ts b/src/middleware/pnid.ts index 3ab6d96..f260fed 100644 --- a/src/middleware/pnid.ts +++ b/src/middleware/pnid.ts @@ -27,10 +27,8 @@ async function PNIDMiddleware(request: express.Request, response: express.Respon } if (!pnid) { - response.status(401); - if (type === 'Bearer') { - response.send(xmlbuilder.create({ + response.status(401).send(xmlbuilder.create({ errors: { error: { cause: 'access_token', @@ -43,7 +41,7 @@ async function PNIDMiddleware(request: express.Request, response: express.Respon return; } - response.send(xmlbuilder.create({ + response.status(401).send(xmlbuilder.create({ errors: { error: { code: '1105', diff --git a/src/middleware/xml-parser.ts b/src/middleware/xml-parser.ts index 4f639d5..435b1e3 100644 --- a/src/middleware/xml-parser.ts +++ b/src/middleware/xml-parser.ts @@ -34,10 +34,8 @@ function XMLMiddleware(request: express.Request, response: express.Response, nex request.body = request.body.toObject(); request.body = mapToObject(request.body); } catch (error) { - response.status(401); - // TODO: This is not a real error code, check to see if better one exists - return response.send(xmlbuilder.create({ + return response.status(401).send(xmlbuilder.create({ errors: { error: { code: '0004', diff --git a/src/server.ts b/src/server.ts index 2103ec4..80b67cd 100644 --- a/src/server.ts +++ b/src/server.ts @@ -86,8 +86,7 @@ app.use((error: any, request: express.Request, response: express.Response, _next LOG_WARN(`HTTP ${status} at ${url} from ${deviceId}: ${error.message}`); - response.status(status); - response.json({ + response.status(status).json({ app: 'api', status, error: error.message diff --git a/src/services/nnid/routes/oauth.ts b/src/services/nnid/routes/oauth.ts index 95caab9..aa93ea6 100644 --- a/src/services/nnid/routes/oauth.ts +++ b/src/services/nnid/routes/oauth.ts @@ -20,8 +20,7 @@ router.post('/access_token/generate', async (request: express.Request, response: const password: string = request.body?.password; if (!['password', 'refresh_token'].includes(grantType)) { - response.status(400); - response.send(xmlbuilder.create({ + response.status(400).send(xmlbuilder.create({ error: { cause: 'grant_type', code: '0004', @@ -33,8 +32,7 @@ router.post('/access_token/generate', async (request: express.Request, response: } if (!username || username.trim() === '') { - response.status(400); - response.send(xmlbuilder.create({ + response.status(400).send(xmlbuilder.create({ error: { cause: 'user_id', code: '0002', @@ -46,8 +44,7 @@ router.post('/access_token/generate', async (request: express.Request, response: } if (!password || password.trim() === '') { - response.status(400); - response.send(xmlbuilder.create({ + response.status(400).send(xmlbuilder.create({ error: { cause: 'password', code: '0002', @@ -61,8 +58,7 @@ router.post('/access_token/generate', async (request: express.Request, response: const pnid: HydratedPNIDDocument | null = await getPNIDByUsername(username); if (!pnid || !await bcrypt.compare(password, pnid.password)) { - response.status(400); - response.send(xmlbuilder.create({ + response.status(400).send(xmlbuilder.create({ error: { code: '0106', message: 'Invalid account ID or password' diff --git a/src/services/nnid/routes/people.ts b/src/services/nnid/routes/people.ts index e667089..fa4fa09 100644 --- a/src/services/nnid/routes/people.ts +++ b/src/services/nnid/routes/people.ts @@ -34,9 +34,7 @@ router.get('/:username', async (request: express.Request, response: express.Resp const userExists: boolean = await doesPNIDExist(username); if (userExists) { - response.status(400); - - response.send(xmlbuilder.create({ + response.status(400).send(xmlbuilder.create({ errors: { error: { code: '0100', @@ -60,9 +58,7 @@ router.get('/:username', async (request: express.Request, response: express.Resp router.post('/', ratelimit, deviceCertificateMiddleware, async (request: express.Request, response: express.Response): Promise => { if (!request.certificate || !request.certificate.valid) { // TODO: Change this to a different error - response.status(400); - - response.send(xmlbuilder.create({ + response.status(400).send(xmlbuilder.create({ error: { cause: 'Bad Request', code: '1600', @@ -78,9 +74,7 @@ router.post('/', ratelimit, deviceCertificateMiddleware, async (request: express const userExists: boolean = await doesPNIDExist(person.user_id); if (userExists) { - response.status(400); - - response.send(xmlbuilder.create({ + response.status(400).send(xmlbuilder.create({ errors: { error: { code: '0100', @@ -194,9 +188,7 @@ router.post('/', ratelimit, deviceCertificateMiddleware, async (request: express await session.abortTransaction(); - response.status(400); - - response.send(xmlbuilder.create({ + response.status(400).send(xmlbuilder.create({ error: { cause: 'Bad Request', code: '1600', @@ -510,9 +502,7 @@ router.put('/@me/devices/@current/inactivate', async (request: express.Request, const pnid: HydratedPNIDDocument | null = request.pnid; if (!pnid) { - response.status(400); - - response.send(xmlbuilder.create({ + response.status(400).send(xmlbuilder.create({ errors: { error: { cause: 'access_token', @@ -538,9 +528,7 @@ router.put('/@me/deletion', async (request: express.Request, response: express.R const pnid: HydratedPNIDDocument | null = request.pnid; if (!pnid) { - response.status(400); - - response.send(xmlbuilder.create({ + response.status(400).send(xmlbuilder.create({ errors: { error: { cause: 'access_token', @@ -569,9 +557,7 @@ router.put('/@me', async (request: express.Request, response: express.Response): const person: Person = request.body.person; if (!pnid) { - response.status(400); - - response.send(xmlbuilder.create({ + response.status(400).send(xmlbuilder.create({ errors: { error: { cause: 'access_token', @@ -635,9 +621,7 @@ router.get('/@me/emails', async (request: express.Request, response: express.Res const pnid: HydratedPNIDDocument | null = request.pnid; if (!pnid) { - response.status(400); - - response.send(xmlbuilder.create({ + response.status(400).send(xmlbuilder.create({ errors: { error: { cause: 'access_token', @@ -682,9 +666,7 @@ router.put('/@me/emails/@primary', async (request: express.Request, response: ex } = request.body.email; if (!pnid || !email || !email.address) { - response.status(400); - - response.send(xmlbuilder.create({ + response.status(400).send(xmlbuilder.create({ errors: { error: { cause: 'access_token', diff --git a/src/services/nnid/routes/provider.ts b/src/services/nnid/routes/provider.ts index 5918fa0..6756221 100644 --- a/src/services/nnid/routes/provider.ts +++ b/src/services/nnid/routes/provider.ts @@ -19,9 +19,7 @@ router.get('/service_token/@me', async (request: express.Request, response: expr const pnid: HydratedPNIDDocument | null = request.pnid; if (!pnid) { - response.status(400); - - response.send(xmlbuilder.create({ + response.status(400).send(xmlbuilder.create({ errors: { error: { cause: 'access_token', @@ -111,9 +109,7 @@ router.get('/nex_token/@me', async (request: express.Request, response: express. const pnid: HydratedPNIDDocument | null = request.pnid; if (!pnid) { - response.status(400); - - response.send(xmlbuilder.create({ + response.status(400).send(xmlbuilder.create({ errors: { error: { cause: 'access_token',